CVE-2014-9296 — Improper Restriction of Operations within the Bounds of a Memory Buffer in NTP

CWE-17 CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-20 — Improper Input Validation CWE-200 — Sensitive Information Exposure CWE-264 CWE-310 CWE-390 — Detection of Error Condition Without Action20 documents11 sources

Severity

5.0MEDIUMNVD

OSV7.5

EPSS

24.6%

top 3.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NTP Debian NTP Cisco Products

Timeline

PublishedDec 20

Latest updateMay 13

Description

The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶debiandebian/ntp< ntp 1:4.2.6.p5+dfsg-3.2 (bullseye)

▶Debianntp/ntp< 1:4.2.6.p5+dfsg-3.2

▶Ubuntuntp/ntp< 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1

▶NVDntp/ntp4.2.7

▶ciscocisco/products

🔴Vulnerability Details

GHSA

GHSA-9prp-4cr8-gqhf: The receive function in ntp_proto↗2022-05-13

▶

OSV

ntp vulnerabilities↗2014-12-22

▶

OSV

CVE-2014-9296: The receive function in ntp_proto↗2014-12-20

▶

📋Vendor Advisories

CISA ICS

Network Time Protocol Vulnerabilities (Update C)↗2015-02-04

▶

CISA ICS

Network Time Protocol Vulnerabilities (Update B)↗2014-12-23

▶

Cisco

Multiple Vulnerabilities in ntpd Affecting Cisco Products↗2014-12-23

▶

BSD

FreeBSD-SA-14:31.ntp: Multiple vulnerabilities in NTP suite↗2014-12-23

▶

Ubuntu

NTP vulnerabilities↗2014-12-22

▶

📄Research Papers

arXiv

Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities↗2020-08-17

▶

💬Community

Bugzilla

CVE-2014-9296 ntp: receive() missing return on error↗2014-12-19

▶

Bugzilla

CVE-2014-9296 CVE-2014-9294 CVE-2014-9295 CVE-2014-9293 ntp: various flaws [fedora-all]↗2014-12-19

▶